From ac25292556d29feb6fc5e36a72a7f99b52c79cb5 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Mon, 31 Oct 2022 13:03:47 +0000
Subject: [PATCH] Add CHANGES and release notes for [GL #2895]

(cherry picked from commit 3bf4bc7336d9fcb48bc1e3a4834b7a37cd50552f)
---
 CHANGES                     | 3 +++
 doc/notes/notes-current.rst | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/CHANGES b/CHANGES
index c42f95af1f..170cffb915 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6009.	[bug]		Don't trust a placeholder KEYDATA from the managed-keys
+			zone by adding it into secroots. [GL #2895]
+
 6008.	[bug]		Fixed a race condition that could cause a crash
 			in dns_zone_synckeyzone(). [GL #3617]
 
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index a501bfe4dc..0f66431f78 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -54,3 +54,9 @@ Bug Fixes
 - The port in remote servers such as in :any:`primaries` and
   :any:`parental-agents` could be wrongly configured because of an inheritance
   bug. :gl:`#3627`
+
+- When having Internet connectivity issues during the initial startup of
+  ``named``, BIND resolver with :any:`dnssec-validation` set to ``auto`` could
+  enter into a state where it would not recover without stopping ``named``,
+  manually deleting ``managed-keys.bind`` and ``managed-keys.bind.jnl`` files,
+  and starting ``named`` again. :gl:`#2895`